Hi there,
some of the recent holes discussed on this list, and David Holland''s
suggestion for a utmp manager daemon got me thinking. I ended up coding
a sample program that demonstrates how a `resource manager'' can be used
to allow applications access to certain resources while not giving them
any privileges.
The sample program is a primitve modem manager that hands out open
file descriptors to modems. This is done by passing the file descriptor
over a UNIX domain socket.
The protocol also provides for some kind of authentication, but it''s
not really good. Recent 2.1 kernels provide SCM_CREDENTIALS passing,
which could be used here.
The source can be found on
ftp://ftp.mathematik.th-darmstadt.de/pub/linux/okir/modemmgr-0.2.tar.gz
Feedback welcome,
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@lst.de +-------------------- Why Not?! -----------------------
